Great Circle Associates Firewalls
(February 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: ftpd and passwd files
From: mjr @ tis . com
Date: Wed, 2 Feb 94 20:51:31 EST
To: hobbit @ babyoil . ftp . com, smb @ research . att . com
Cc: firewalls @ GreatCircle . COM

>But remember that the TIS version uses the password file for login
>privileges to ftpd.  Marcus says that he doesn't do a second chroot,
>but I'm not convinced that that's wise -- let your non-anonymous
>ftp administrators have access to a functional passwd file, if
>they wish, but give anonymous users *nothing*.

		It's my fault for being unclear.  The version we
run (and which is with the firewall toolkit) uses our authentication
server for authentication, and the password file entry serves only
to make the output from "ls" look nice and to let ftpd know if it
is someone it wants to accept as a user. So the password file
is really just a placeholder and way of mapping uids to names.

		If you're using passwords, you're just asking for
trouble, anyhow, whether they're in your FTP area or anyplace else
on your system (except for hidden keys in your challenge-response
system's database, that is) :).

mjr.

Indexed By Date Previous: Re: manufactures codes for ethernet
From: Tom Fitzgerald <fitz @ wang . com>
Next: Delete me from mailing list Please!
From: Terence C. O'Neill <yinyang!ton @ dum . phcs . com>
Indexed By Thread Previous: Re: ftpd and passwd files
From: smb @ research . att . com
Next: Socks and DNS
From: hp90101 @ internet . sbi . com (Harry Protoolis)

Google
 
Search Internet Search www.greatcircle.com